Mobile apps are essential for communication, transactions and leisure and frequently rely on access to personal data. This study examines Google Play’s Data Safety section and declared permissions five years after the GDPR came into force, focusing on how developers disclose data collection, sharing, security practices and deletion controls. We use metadata from 49,578 Android apps and analyze self-reported disclosures in relation to permission categories, app categories, installs and user ratings. The results show that free apps request broader permission access than paid ones and that declared permission use has gradually increased over time. In addition, 25.44% of the sampled apps had not completed any part of the Data Safety section and non-completion was associated with app age, installation band and pricing model. Among apps with completed relevant Data Safety section disclosures, 11% of developers explicitly declared that data are not encrypted in transit and 34% explicitly declared that no user-initiated data deletion mechanism is available. Category-level differences in declared data collection and sharing were modest, while the relationship between permission breadth and user ratings was small. Overall, the findings indicate that structured disclosure mechanisms can improve visibility of privacy-related information, but do not necessarily ensure its completeness or consistency.
Magoulas et al. (Thu,) studied this question.